Wireless network attacks and how to prevent them

Wireless networks can be open to active and also passive attacks. These types of attacks include DoS, MITM, spoofing, jamming, war driving, network hijacking, packet sniffing, and many more. Passive attacks that take place on wireless networks are common and are difficult to detect since the attacker usually just collects information. This is the type of attack that google was criticized for doing during its google maps data tours. Active attacks happen when a hacker has gathered information about the network after a successful passive attack.

War driving

Hackers can download freely available war-driving software. Including a program called NetStumbler. These programs help launch passive attacks on a wireless networks. Hackers will use this software to detect an insecure wireless network which has poor security.

Man-in-the-Middle (MITM)

The hacker will place a rogue access point in the range of the existing wireless network. The wireless network users are then not aware that they are connecting to rogue access points, and give over their personal data. Some hackers have even been known to use access points close to a building from their car.

Plain-text attacks

WEP standard is vulnerable to these attacks since it uses the RC4 encryption algorithm. In WEP authentication, the initial verification text is sent in plain text. The RC4 encryption algorithm uses a stream cipher and is known for its vulnerability. It uses a 24-bit IV for both 40- and 128-bit encryption, which is easy to predict. WEP encryption keys can easily be cracked using tools including WEPCrack and AirSnort.

Packet sniffing and eavesdropping

These two common techniques are used to launch attacks on wireless networks. Sniffing is the act of monitoring the network traffic using legitimate network analysis tools. Hackers can use monitoring tools, including AiroPeek, Ethereal, or TCPDump, to monitor the wireless networks. These tools allow hackers to find an unprotected network that they can hack. Your wireless network can be protected against this type of attack by using strong encryption and authentication methods.

Jamming

Jamming is the flooding of radio frequencies with an undesired signal. It results in the unavailability of the required signal to the wireless devices. Since there is so much noise in the air, the valid user cannot pick up the correct signal.

Network hijacking

Network hijacking is when a users active session on the wireless network is taken control of by a hacker. The hacker can insert himself between the network server and the wireless client and from then on any communication that takes place between the hijacker and the client or the server is intercepted.

Denial of Service (DoS)

A DoS attack happens when the legitimate client is stopped from accessing the network resources due to unavailability of the services. This type of attack is normally the work of a collection of bots, or a number of users repeatedly using programs to bombard the website.

Flooding

Hackers can also flood a wireless network using attack methods including ICMP flooding (Ping flooding) and SYN flooding. These just overload the wireless network with data, and then the user can't find a space to squeeze in..

Protecting wireless networks from attacks

Network administrators can take steps to help protect their wireless networks from outside threats and attacks. Some protective measures include some basic common sense, like keeping the drivers of all the software and hardware up to date. Most hackers will be posting details of any loops or exploits online, and once a security hole is found, they will come in bunches to test your network with it. Always change your SSID from the default, before you actually connect the wireless router of the access point. WEP should always be used for wireless networks. Wireless adapters and AP devices should always support 128-bit WEP, MAC filtering, and the disabling of SSID broadcasts. If an SSID broadcast is not disabled on an access point, the use of a DHCP server to automatically assign IP addresses to wireless clients should not be used, Since wardriving software can easily detect your internal IP addressing if the SSID broadcasts are enabled and the DHCP is being used.

If you use Static WEP keys, they should be frequently rotated to so that they are not compromised. The wireless network should be located in a separate network segment. If possible also create a separate perimeter network, sometimes called a Wireless Demilitarized Zone, which is separate from the main network.

Make sure you take site surveys at every corner and the perimeter of your building . This will help detect any other APs near your wireless network. Place any access points in the center of the building; avoid placing them near windows and doors.

Comments

No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.

sending

malik rizwan

7 years ago

i m a student of bsCs in KOHAT UNIVERSITY OF SCIENCE & TECHNOLOGY.i have an IDEA on PASIVE ATTACKS IN WIRELESS NETWORK THROUGH ACCESS POINT i request u please help me because my proposel defence is healding on 17th may.

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

This is used to display charts and graphs on articles and the author center. (Privacy Policy)

Google AdSense Host API

This service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)

This is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)

Facebook Login

You can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)

Maven

This supports the Maven widget and search functionality. (Privacy Policy)

We may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.

Conversion Tracking Pixels

We may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.

Statistics

Author Google Analytics

This is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)

Comscore

ComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)

Amazon Tracking Pixel

Some articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)